Authentication systems such as OAuth and Facebook Connect allow a service provider to verify the identity of a user by sharing a secure session token of a connection between the authentication system and the user.
This type of authentication system does not typically allow a service provider to establish their own identity credential relationship with the user without conducting their own identity verification process.
These types of authentication systems lack robustness. In the event that the authentication system is in a state of compromise, the service provider is unable to authenticate the user. Additionally, service providers may be affected by the operational rules and business practices of the authentication system, which may not be in the interests of service providers.
Whilst it is possible for a service provider to request users to provide sufficient identification information in conducting an identity verification process prior to enabling a user to access a service, this option is typically not ideal for the user or the third party. In particular, the user is required to supply identification information which may have been provided to another party previously, thus duplicating work. Furthermore, the service provider may not have the necessary services to be able to perform the identity verification process for the service being provided.
Therefore, there is a need to overcome or at least alleviate one or more of the above-mentioned disadvantages.
The reference in this specification to any prior publication (or information derived from it), or to any matter which is known, is not, and should not be taken as an acknowledgment or admission or any form of suggestion that the prior publication (or information derived from it) or known matter forms part of the common general knowledge in the field of endeavour to which this specification relates.